Marketplace when-setting-network-security-use-network-security-setup
Configure Claude Code sandbox network isolation with trusted domains, custom access policies, and environment variables for secure network communication.
install
source · Clone the upstream repo
git clone https://github.com/aiskillstore/marketplace
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/aiskillstore/marketplace "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/dnyoussef/when-setting-network-security-use-network-security-setup" ~/.claude/skills/aiskillstore-marketplace-when-setting-network-security-use-network-security-setu && rm -rf "$T"
manifest: skills/dnyoussef/when-setting-network-security-use-network-security-setup/SKILL.md
Network Security Setup SOP
```yaml
metadata:
  skill_name: when-setting-network-security-use-network-security-setup
  version: 1.0.0
  category: specialized-tools
  difficulty: intermediate
  estimated_duration: 25-45 minutes
  trigger_patterns:
    - "network security"
    - "configure network isolation"
    - "trusted domains"
    - "firewall rules"
    - "network access control"
  dependencies:
    - Claude Code sandbox
    - Network configuration access
  agents:
    - security-manager
    - cicd-engineer
  success_criteria:
    - Trusted domains configured
    - Access policies implemented
    - Environment variables set
    - Network tests passing
    - Documentation complete
```
Overview
Configure Claude Code sandbox network isolation with trusted domains, custom access policies, and environment variables for secure network communication.
Agent Responsibilities
security-manager
- Design network security architecture
- Define trusted domains and policies
- Validate security configurations
- Create security documentation
cicd-engineer
- Implement network configurations
- Deploy firewall rules
- Setup environment variables
- Create monitoring tools
Phase 1: Audit Network Requirements
Identify required network access, external dependencies, and security constraints.
```bash
mkdir -p network-security/{policies,config,tests,docs}

# Document network requirements
cat > network-security/docs/NETWORK-REQUIREMENTS.md << 'EOF'
# Network Access Requirements

## External Dependencies
- Anthropic API (api.anthropic.com)
- GitHub (github.com, *.github.com)
- NPM Registry (npmjs.org)
- PyPI (pypi.org)
- Docker Hub (docker.io)

## Required Ports
- Outbound: 80 (HTTP), 443 (HTTPS), 22 (SSH)
- Inbound: 3000, 5000, 8000, 8080 (Application)

## Protocols
- Allowed: HTTP/HTTPS, SSH, Git
- Blocked: FTP, Telnet, SMTP

## Rate Limits
- 100 requests/minute
- Burst: 150 requests
EOF
```
Phase 2: Design Security Policies
Create comprehensive network security policies with allow/deny rules.
```bash
cat > network-security/policies/network-policy.json << 'EOF'
{
  "network_security": {
    "mode": "whitelist",
    "trusted_domains": [
      "*.anthropic.com",
      "api.openai.com",
      "github.com",
      "*.github.com",
      "raw.githubusercontent.com",
      "npmjs.org",
      "registry.npmjs.org",
      "pypi.org",
      "files.pythonhosted.org",
      "docker.io",
      "registry-1.docker.io"
    ],
    "blocked_domains": [
      "*.malicious.com",
      "suspicious.net"
    ],
    "allowed_ports": {
      "outbound": [80, 443, 22],
      "inbound": [3000, 5000, 8000, 8080]
    },
    "rate_limiting": {
      "enabled": true,
      "requests_per_minute": 100,
      "burst": 150
    },
    "dns_filtering": {
      "enabled": true,
      "block_private_ips": true,
      "block_localhost_bypass": true
    }
  }
}
EOF
```
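An offline evaluator for the policy above, added here as an example (it is not part of the skill's own code): it decides whether an outbound connection is allowed, with blocked domains checked before trusted ones and deny as the default. The wildcard semantics, the check order, and the names matches, is_private and check_outbound are assumptions, and private-address blocking covers IP literals only because nothing is resolved.

```python
import ipaddress
import json

# Constructed sample: a trimmed copy of the Phase 2 policy (same keys, fewer domains).
POLICY = json.loads("""
{"network_security": {
  "trusted_domains": ["*.anthropic.com", "github.com", "*.github.com", "pypi.org"],
  "blocked_domains": ["*.malicious.com", "suspicious.net"],
  "allowed_ports": {"outbound": [80, 443, 22], "inbound": [3000, 5000, 8000, 8080]},
  "dns_filtering": {"enabled": true, "block_private_ips": true}
}}
""")["network_security"]


def matches(pattern, host):
    """Assumed semantics: '*.example.com' covers subdomains only, never the apex."""
    pattern, host = pattern.lower(), host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".example.com"
        return host.endswith(suffix) and host != suffix
    return host == pattern


def is_private(host):
    """True for IP literals in private, loopback or link-local ranges."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return False  # a hostname, not an IP literal
    return ip.is_private or ip.is_loopback or ip.is_link_local


def check_outbound(host, port, policy=POLICY):
    """Return (allowed, reason). Deny checks run first; the default is deny."""
    if port not in policy["allowed_ports"]["outbound"]:
        return False, "port not allowed"
    if policy["dns_filtering"]["block_private_ips"] and is_private(host):
        return False, "private address"
    if any(matches(p, host) for p in policy["blocked_domains"]):
        return False, "blocked domain"
    if any(matches(p, host) for p in policy["trusted_domains"]):
        return True, "trusted domain"
    return False, "not on allowlist"


if __name__ == "__main__":
    for host, port in [("api.anthropic.com", 443), ("anthropic.com", 443),
                       ("evilgithub.com", 443), ("169.254.169.254", 80)]:
        print(host, port, check_outbound(host, port))
```

Under these semantics the apex anthropic.com is denied because the policy lists only *.anthropic.com, while the TRUSTED_DOMAINS variable in Phase 3 names the apex; the two lists should agree.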
Phase 3: Implement Network Isolation
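Deploy firewall rules, DNS filtering, and access controls. The iptables rules filter by port and protocol only, so they do not restrict outbound traffic to the trusted domains from Phase 2; the TRUSTED_DOMAINS variable records that list, but nothing in this script enforces it.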
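```bash
cat > network-security/config/configure-network.sh << 'EOF'
#!/bin/bash
set -e

echo "Configuring network security..."

# Configure firewall (iptables). Accept rules are added before the default
# policies switch to DROP so a remote session is not cut off mid-run.
# Loopback, plus return traffic for connections that were already permitted
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# DNS lookups, needed before any allowed hostname can be reached
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT

# Outbound ports from network-policy.json
iptables -A OUTPUT -p tcp --dport 443 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 80 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 22 -j ACCEPT

# Inbound application ports from network-policy.json
iptables -A INPUT -p tcp --dport 3000 -j ACCEPT
iptables -A INPUT -p tcp --dport 5000 -j ACCEPT
iptables -A INPUT -p tcp --dport 8000 -j ACCEPT
iptables -A INPUT -p tcp --dport 8080 -j ACCEPT

# Default deny for everything else
iptables -P INPUT DROP
iptables -P OUTPUT DROP

# DNS filtering (/etc/hosts matches exact names only, not wildcards)
cat >> /etc/hosts << 'HOSTS'
127.0.0.1 malicious.com
127.0.0.1 suspicious.net
HOSTS

# Environment variables (TRUSTED_DOMAINS is not read by the rules above)
mkdir -p /etc/environment.d
cat > /etc/environment.d/network-security.conf << 'ENV'
HTTPS_PROXY=""
NO_PROXY="localhost,127.0.0.1"
TRUSTED_DOMAINS="anthropic.com,github.com,npmjs.org,pypi.org,docker.io"
ENV

echo "Network security configured"
EOF

chmod +x network-security/config/configure-network.sh
```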
Phase 4: Test Access Controls
Validate network policies through comprehensive testing.
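```bash
cat > network-security/tests/network-tests.sh << 'EOF'
#!/bin/bash
echo "Testing Network Security..."
failures=0
fail() { echo "✗ $1"; failures=$((failures + 1)); }

# Test trusted domain access
curl -s -o /dev/null --max-time 5 https://api.anthropic.com \
  && echo "✓ Trusted domain accessible" || fail "Trusted domain unreachable"

# Test blocked domain
! curl -s -o /dev/null --max-time 5 https://malicious.com \
  && echo "✓ Blocked domain inaccessible" || fail "Blocked domain reachable"

# Test allowed ports (needs a service listening on port 3000)
nc -zv localhost 3000 \
  && echo "✓ Port 3000 accessible" || fail "Port 3000 not accessible"

# Exit non-zero when any check failed so callers can detect it
echo "Network tests complete: $failures failure(s)"
exit "$((failures > 0))"
EOF

chmod +x network-security/tests/network-tests.sh
```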
Phase 5: Document Configuration
Create comprehensive documentation for network security setup.
```bash
cat > network-security/docs/DEPLOYMENT.md << 'EOF'
# Network Security Deployment

## Quick Start
1. Review requirements
2. Deploy configuration: `./network-security/config/configure-network.sh`
3. Test policies: `./network-security/tests/network-tests.sh`
4. Monitor: Check logs for violations

## Trusted Domains
- Anthropic API
- GitHub
- NPM/PyPI
- Docker Hub

## Monitoring
- Connection logs: `/var/log/connections.log`
- Firewall logs: `/var/log/firewall.log`
- DNS queries: `/var/log/dns.log`

## Maintenance
- Review monthly
- Update trusted domains as needed
- Audit logs weekly
EOF
```
Workflow Summary
Duration: 25-45 minutes
Deliverables:
- Network security policies
- Firewall configuration
- DNS filtering
- Test suite
- Documentation
Best Practices
- Whitelist Approach: Deny by default
- Least Privilege: Minimal access
- Regular Testing: Weekly validation
- Continuous Monitoring: Real-time logs
- Documentation: Keep updated